TemporPrivacy Policy
Effective date: 10 June 2026 · Version 1.0
Temporra ("we", "us") is a workforce time & attendance platform operated by Alpha IT Solutions, United Kingdom. This policy explains what personal data the Temporra website, web app and mobile apps collect, why we collect it, and the rights you have over it. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who is responsible for your data
Temporra is used by businesses ("employers") to manage their workforce. How responsibility is divided depends on the data:
| Data | Controller | Our role |
|---|---|---|
| Workforce records — timesheets, schedules, leave, GPS clock-ins, facial-recognition templates, permits, work photos | Your employer | Processor — we store and process this data on your employer's instructions |
| Account, billing and subscription data of the business owner / admin | Temporra (Alpha IT Solutions) | Controller |
If you are an employee using Temporra at work, your employer decides what features are enabled (e.g. GPS or facial verification) and is your first point of contact for questions about your data.
2. What data we collect
Account & contact data
- Name, email address, phone number, job title, department
- Login credentials (passwords are stored hashed — we can never read them)
Workforce records
- Clock-in / clock-out times, timesheets, overtime, breaks
- Shift schedules, leave requests, hourly / day rates, payroll summaries and invoices
- Work permits and supporting documents (e.g. certificates, CSCS cards)
- Work photos uploaded by you or your employer
Location data (GPS)
If your employer enables GPS verification, we capture your device's location only at the moment you clock in or clock out — never continuously and never in the background. The coordinates are stored with the timesheet entry to confirm presence at the job site.
Biometric data (facial recognition)
- We store a mathematical template (a sequence of 128 numbers) that describes facial geometry — not a photo and not an image that can be viewed or reversed into one.
- The live camera image used during a clock-in check is processed on your device and is not retained after verification.
- You may withdraw consent at any time by asking your employer to remove your facial template; it is deleted immediately and permanently.
Payment data
Subscription payments are processed by Stripe. Card numbers never touch our servers — we receive only a payment confirmation and the last four digits for billing display.
Technical data
- IP address, browser type and device type (in server logs, for security and fraud prevention)
- Data stored locally on your device (login session, app preferences) so the app works offline
3. Why we process your data
| Purpose | Lawful basis |
|---|---|
| Recording working time, scheduling, leave and payroll | Performance of your employer's contract with us; your employer's legitimate interest in workforce management |
| GPS verification of clock-ins at job sites | Your employer's legitimate interest in confirming site attendance |
| Facial-recognition identity checks | Your explicit consent (UK GDPR Article 9(2)(a)) |
| Billing and subscription management | Performance of contract |
| Security, fraud prevention and service integrity | Legitimate interest |
| Service emails (login details, confirmations, invoices) | Performance of contract |
We do not sell personal data, use it for advertising, or share it with data brokers.
4. Who we share data with
- Your employer and colleagues with appropriate permissions (e.g. a manager approving your timesheet)
- Hosting provider — our servers are located in the United Kingdom / European Economic Area
- Stripe — payment processing
- Email delivery provider — service emails only
- Authorities, where required by law
We do not transfer personal data outside the UK/EEA except where the recipient provides safeguards recognised under UK GDPR (e.g. adequacy or standard contractual clauses).
5. How long we keep data
- Workforce records — for as long as your employer's account is active, or until your employer deletes them. UK employers typically retain working-time records for 2–6 years to meet legal obligations.
- Facial templates — until you withdraw consent, your profile is deleted, or the employer disables the feature, whichever is first.
- Account & billing data — for the duration of the subscription plus the period required by UK tax law (6 years).
- Server logs — up to 90 days.
6. Security
- All traffic is encrypted in transit with TLS (HTTPS)
- Passwords are stored using strong one-way hashing
- Role-based access control — workers, managers and admins see only what their role permits
- Servers are firewalled and access to production systems is restricted
7. Your rights
Under UK GDPR you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate data
- Erasure — request deletion ("right to be forgotten")
- Restriction and objection — limit or object to certain processing
- Portability — receive your data in a machine-readable format
- Withdraw consent — at any time, for consent-based processing such as facial recognition
If you are an employee, please direct requests about workforce records to your employer (the controller); we will assist them in fulfilling your request. For account or billing data, contact us directly. You also have the right to complain to the Information Commissioner's Office (ICO).
8. Children
Temporra is a workplace tool and is not intended for anyone under 16. We do not knowingly collect data from children.
9. Changes to this policy
We will post any changes on this page and update the effective date above. For significant changes we will notify account administrators by email.
10. Contact us
Alpha IT Solutions — Temporra
London, United Kingdom
Email: support@temporra.app